Updating link to change in openSUSE:Factory/wget revision 49.0

OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=67ab3e42ff8956d7492283b54cdad5f8

wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch

@@ -1,31 +0,0 @@
-From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
-Date: Fri, 20 Oct 2017 10:59:38 +0200
-Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
- (CVE-2017-13089)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/http.c (skip_short_body): Return error on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/http.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/http.c b/src/http.c
-index 55367688..dc318231 100644
---- a/src/http.c
-+++ b/src/http.c
-@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
-               remaining_chunk_size = strtol (line, &endl, 16);
-               xfree (line);
-
-+              if (remaining_chunk_size < 0)
-+                return false;
-+
-               if (remaining_chunk_size == 0)
-                 {
-                   line = fd_read_line (fd);

wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch

@@ -1,34 +0,0 @@
-From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
-Date: Fri, 20 Oct 2017 15:15:47 +0200
-Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling
- (CVE-2017-13090)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/retr.c (fd_read_body): Stop processing on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/retr.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/retr.c b/src/retr.c
-index a27d58af..723ac725 100644
---- a/src/retr.c
-+++ b/src/retr.c
-@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
-               remaining_chunk_size = strtol (line, &endl, 16);
-               xfree (line);
-
-+              if (remaining_chunk_size < 0)
-+                {
-+                  ret = -1;
-+                  break;
-+                }
-+
-               if (remaining_chunk_size == 0)
-                 {
-                   ret = 0;

wget.changes

@@ -1,12 +1,3 @@
--------------------------------------------------------------------
-Tue Oct 24 07:07:32 UTC 2017 - josef.moellers@suse.com
-
-- Fixed two stack overflow vulnerabilities if a chunksize is
-  negative.
-  [bsc#1064715,wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch,
-   bsc#1064716,wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch,
-   CVE-2017-13089,CVE-2017-13090]
-
 -------------------------------------------------------------------
 Thu Sep 21 06:45:00 UTC 2017 - josef.moellers@suse.com
 

wget.spec

@@ -35,8 +35,6 @@ Patch7:         wget-fix-pod-syntax.diff
 Patch8:         wget-errno-clobber.patch
 Patch9:         wget-CVE-2017-6508.patch
 Patch10:        wget-416-but-file-not-complete.patch
-Patch11:        wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch
-Patch12:        wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch
 BuildRequires:  automake
 BuildRequires:  gpgme-devel >= 0.4.2
 BuildRequires:  libcares-devel
@@ -85,8 +83,6 @@ This can be done in script files or via the command line.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
-%patch11 -p1
-%patch12 -p1
 
 %build
 %if 0%{?suse_version} > 1110